CVE漏洞

OStack程序员社区-中国程序员成长平台 › 门户 › 漏洞›CVE漏洞

RSS

CVE-2022-21815

NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for private IOCTLs where a NULL pointer dereference in the kernel, created within user mo ...……

作者：菜鸟教程小白 | 时间：2022-6-23 08:27 | 阅读：15 | 回复：0
CVE-2022-21816

NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager (nvidia.ko), where a user in the guest OS can cause a GPU interrupt storm on the hypervisor host, leading to a denial of servic ...……

作者：菜鸟教程小白 | 时间：2022-6-23 08:27 | 阅读：16 | 回复：0
CVE-2021-3835

Buffer overflow in usb device class. Zephyr versions = v2.6.0 contain Heap-based Buffer Overflow (CWE-122). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/G ...……

作者：菜鸟教程小白 | 时间：2022-6-23 08:27 | 阅读：15 | 回复：0
CVE-2021-3861

The RNDIS USB device class includes a buffer overflow vulnerability. Zephyr versions = v2.6.0 contain Heap-based Buffer Overflow (CWE-122). For more information, see https://github.com/zephyrproject-r ...……

作者：菜鸟教程小白 | 时间：2022-6-23 08:27 | 阅读：16 | 回复：0
CVE-2021-45281

QuickBox Pro v2.4.8 contains a cross-site scripting (XSS) vulnerability at adminuseredit.php?usertoedit=XSS, as the user supplied input for the value of this parameter is not properly sanitized.……

作者：菜鸟教程小白 | 时间：2022-6-23 08:27 | 阅读：15 | 回复：0
CVE-2022-21712

twisted is an event-driven networking engine written in Python. In affected versions twisted exposes cookies and authorization headers when following cross-origin redirects. This issue is present in t ...……

作者：菜鸟教程小白 | 时间：2022-6-23 08:27 | 阅读：15 | 回复：0
CVE-2022-23613

xrdp is an open source remote desktop protocol (RDP) server. In affected versions an integer underflow leading to a heap overflow in the sesman server allows any unauthenticated attacker which is able ...……

作者：菜鸟教程小白 | 时间：2022-6-23 08:27 | 阅读：15 | 回复：0
CVE-2022-23623

Frourio is a full stack framework, for TypeScript. Frourio users who uses frourio version prior to v0.26.0 and integration with class-validator through `validators/` folder are subject to a input vali ...……

作者：菜鸟教程小白 | 时间：2022-6-23 08:27 | 阅读：16 | 回复：0
CVE-2022-23624

Frourio-express is a minimal full stack framework, for TypeScript. Frourio-express users who uses frourio-express version prior to v0.26.0 and integration with class-validator through `validators/` fo ...……

作者：菜鸟教程小白 | 时间：2022-6-23 08:27 | 阅读：15 | 回复：0
CVE-2022-24450

NATS nats-server before 2.7.2 has Incorrect Access Control. Any authenticated user can obtain the privileges of the System account by misusing the dynamically provisioned sandbox accounts feature.……

作者：菜鸟教程小白 | 时间：2022-6-23 08:27 | 阅读：15 | 回复：0
CVE-2022-0504

Generation of Error Message Containing Sensitive Information in Packagist microweber/microweber prior to 1.2.11.……

作者：菜鸟教程小白 | 时间：2022-6-23 08:27 | 阅读：17 | 回复：0
CVE-2022-0505

Cross-Site Request Forgery (CSRF) in Packagist microweber/microweber prior to 1.2.11.……

作者：菜鸟教程小白 | 时间：2022-6-23 08:27 | 阅读：18 | 回复：0
CVE-2022-0506

Cross-site Scripting (XSS) - Stored in Packagist microweber/microweber prior to 1.2.11.……

作者：菜鸟教程小白 | 时间：2022-6-23 08:27 | 阅读：17 | 回复：0
CVE-2021-20877

Cross-site scripting vulnerability in Canon laser printers and small office multifunctional printers (LBP162L/LBP162, MF4890dw, MF269dw/MF265dw/MF264dw/MF262dw, MF249dw/MF245dw/MF244dw/MF242dw/MF232w, ...……

作者：菜鸟教程小白 | 时间：2022-6-23 08:27 | 阅读：21 | 回复：0
CVE-2022-0508

Server-Side Request Forgery (SSRF) in GitHub repository chocobozzz/peertube prior to f33e515991a32885622b217bf2ed1d1b0d9d6832……

作者：菜鸟教程小白 | 时间：2022-6-23 08:27 | 阅读：21 | 回复：0
CVE-2022-21173

Hidden functionality vulnerability in ELECOM LAN routers (WRH-300BK3 firmware v1.05 and earlier, WRH-300WH3 firmware v1.05 and earlier, WRH-300BK3-S firmware v1.05 and earlier, WRH-300DR3-S firmware v ...……

作者：菜鸟教程小白 | 时间：2022-6-23 08:27 | 阅读：22 | 回复：0
CVE-2022-21193

Directory traversal vulnerability in TransmitMail 2.5.0 to 2.6.1 allows a remote unauthenticated attacker to obtain an arbitrary file on the server via unspecified vectors.……

作者：菜鸟教程小白 | 时间：2022-6-23 08:27 | 阅读：15 | 回复：0
CVE-2022-21241

Cross-site scripting vulnerability in CSV+ prior to 0.8.1 allows a remote unauthenticated attacker to inject an arbitrary script or an arbitrary OS command via a specially crafted CSV file that contai ...……

作者：菜鸟教程小白 | 时间：2022-6-23 08:27 | 阅读：19 | 回复：0
CVE-2022-21799

Cross-site scripting vulnerability in ELECOM LAN router WRC-300FEBK-R firmware v1.13 and earlier allows an attacker on the adjacent network to inject an arbitrary script via unspecified vectors.……

作者：菜鸟教程小白 | 时间：2022-6-23 08:27 | 阅读：18 | 回复：0
CVE-2022-21805

Reflected cross-site scripting vulnerability in the attached file name of php_mailform versions prior to Version 1.40 allows a remote unauthenticated attacker to inject an arbitrary script via unspeci ...……

作者：菜鸟教程小白 | 时间：2022-6-23 08:27 | 阅读：18 | 回复：0
CVE-2022-22142

Reflected cross-site scripting vulnerability in the checkbox of php_mailform versions prior to Version 1.40 allows a remote unauthenticated attacker to inject an arbitrary script via unspecified vecto ...……

作者：菜鸟教程小白 | 时间：2022-6-23 08:27 | 阅读：18 | 回复：0
CVE-2022-22146

Cross-site scripting vulnerability in TransmitMail 2.5.0 to 2.6.1 allows a remote unauthenticated attacker to inject an arbitrary script via unspecified vectors.……

作者：菜鸟教程小白 | 时间：2022-6-23 08:27 | 阅读：16 | 回复：0
CVE-2022-0509

Cross-site Scripting (XSS) - Stored in Packagist pimcore/pimcore prior to 10.3.1.……

作者：菜鸟教程小白 | 时间：2022-6-23 08:27 | 阅读：18 | 回复：0
CVE-2022-23331

In DataEase v1.6.1, an authenticated user can gain unauthorized access to all user information and can change the administrator password.……

作者：菜鸟教程小白 | 时间：2022-6-23 08:27 | 阅读：19 | 回复：0
CVE-2022-23340

Joplin 2.6.10 allows remote attackers to execute system commands through malicious code in user search results.……

作者：菜鸟教程小白 | 时间：2022-6-23 08:27 | 阅读：21 | 回复：0
CVE-2021-44864

TP-Link WR886N 3.0 1.0.1 Build 150127 Rel.34123n is vulnerable to Buffer Overflow. Authenticated attackers can crash router httpd services via /userRpm/PingIframeRpm.htm request which contains redunda ...……

作者：菜鸟教程小白 | 时间：2022-6-23 08:27 | 阅读：19 | 回复：0
CVE-2021-44956

Two Heap based buffer overflow vulnerabilities exist in ffjpeg through 01.01.2021. It is similar to CVE-2020-23852. Issues that are in the jfif_decode function at ffjpeg/src/jfif.c (line 552) could ca ...……

作者：菜鸟教程小白 | 时间：2022-6-23 08:27 | 阅读：18 | 回复：0
CVE-2021-44957

Global buffer overflow vulnerability exist in ffjpeg through 01.01.2021. It is similar to CVE-2020-23705. Issue is in the jfif_encode function at ffjpeg/src/jfif.c (line 708) could cause a Denial of S ...……

作者：菜鸟教程小白 | 时间：2022-6-23 08:27 | 阅读：17 | 回复：0
CVE-2021-45325

Server Side Request Forgery (SSRF) vulneraility exists in Gitea before 1.7.0 using the OpenID URL.……

作者：菜鸟教程小白 | 时间：2022-6-23 08:27 | 阅读：16 | 回复：0
CVE-2021-45326

Cross Site Request Forgery (CSRF) vulnerability exists in Gitea before 1.5.2 via API routes.This can be dangerous especially with state altering POST requests.……

作者：菜鸟教程小白 | 时间：2022-6-23 08:27 | 阅读：20 | 回复：0
CVE-2021-45327

Gitea before 1.11.2 is affected by Trusting HTTP Permission Methods on the Server Side when referencing the vulnerable admin or user API. which could let a remote malisious user execute arbitrary code ...……

作者：菜鸟教程小白 | 时间：2022-6-23 08:27 | 阅读：21 | 回复：0
CVE-2022-0510

Cross-site Scripting (XSS) - Reflected in Packagist pimcore/pimcore prior to 10.3.1.……

作者：菜鸟教程小白 | 时间：2022-6-23 08:27 | 阅读：27 | 回复：0
CVE-2021-45328

Gitea before 1.4.3 is affected by URL Redirection to Untrusted Site ('Open Redirect') via internal URLs.……

作者：菜鸟教程小白 | 时间：2022-6-23 08:27 | 阅读：34 | 回复：0
CVE-2022-0139

Use After Free in GitHub repository radareorg/radare2 prior to 5.6.0.……

作者：菜鸟教程小白 | 时间：2022-6-23 08:27 | 阅读：33 | 回复：0
CVE-2022-21702

Grafana is an open-source platform for monitoring and observability. In affected versions an attacker could serve HTML content thru the Grafana datasource or plugin proxy and trick a user to visit thi ...……

作者：菜鸟教程小白 | 时间：2022-6-23 08:27 | 阅读：38 | 回复：0
CVE-2022-0518

Heap-based Buffer Overflow in GitHub repository radareorg/radare2 prior to 5.6.2.……

作者：菜鸟教程小白 | 时间：2022-6-23 08:27 | 阅读：43 | 回复：0
CVE-2022-0519

Buffer Access with Incorrect Length Value in GitHub repository radareorg/radare2 prior to 5.6.2.……

作者：菜鸟教程小白 | 时间：2022-6-23 08:27 | 阅读：61 | 回复：0
CVE-2022-0520

Use After Free in NPM radare2.js prior to 5.6.2.……

作者：菜鸟教程小白 | 时间：2022-6-23 08:27 | 阅读：61 | 回复：0
CVE-2022-0521

Access of Memory Location After End of Buffer in GitHub repository radareorg/radare2 prior to 5.6.2.……

作者：菜鸟教程小白 | 时间：2022-6-23 08:27 | 阅读：53 | 回复：0
CVE-2022-0522

Access of Memory Location Before Start of Buffer in NPM radare2.js prior to 5.6.2.……

作者：菜鸟教程小白 | 时间：2022-6-23 08:27 | 阅读：79 | 回复：0